CVE-2007-5589

Name of the Vulnerable Software and Affected Versions phpMyAdmin versions prior to 2.11.1.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via certain input available in PHP SELF in various phpMyAdmin files, including server status.php, grab globals.lib.php, display change password.lib.php, and common.lib.php in the libraries directory. Additionally, vulnerabilities exist in PHP SELF and PATH INFO in libraries/common.inc.php. There might also be other vectors related to REQUEST URI.

Recommendations For versions prior to 2.11.1.2, update to version 2.11.1.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable files, such as server status.php, grab globals.lib.php, display change password.lib.php, and common.lib.php, until a patch is applied. Avoid using the PHP SELF and PATH INFO variables in the affected API endpoints, such as libraries/common.inc.php, until the issue is resolved.